PC security warning: That out-of-date software is putting you at risk

Over half of applications installed on Windows PCs are out-of-date, potentially putting the security of users at risk through flaws in software that have already been patched by vendors.

Around 55 percent of software installed on PCs across the globe is in the form of an older version of the application, according to research by security company Avast — and that number has risen from 48 percent in their previous report.

Based upon anonyimized and aggregated data from 163 million devices around the world, Avast’s PC trends report also suggests that almost one in six Windows 7 users and one in ten Windows 10 users are running out-of-date versions of their operating system, also leaving them open to exploitation of system-level security vulnerabilities.

Some of the programs most commonly left out-of-date include Adobe Shockwave, VLC Media Player, Skype, Java Runtime Environment, and 7-Zip Filemanager.

Putting off installing updates and running outdated applications can cause bugs and incompatibility problems for users, but more significantly, running out-of-date software can provide an open door for hackers to take advantage of holes left in programs that haven’t had critical security updates applied.

For example, 7-Zip has previously been found to have security flaws enabling remote attackers to cause denial of service attacks, the execution of arbitrary code and the exploitation of a heap overflow vulnerability. 7-Zip patched the vulnerabilities after they were discovered, but users that haven’t updated their software since the patch was released could continue to leave themselves open to attacks.

But it isn’t just applications that are vulnerable to attacks due to being out-of-date – a significant number of users are running Windows operating systems which haven’t received the relevant security updates.

Meanwhile, millions of users are running outdated versions of Microsoft’s latest operating system, Windows 10, putting them at risk from attacks which target vulnerabilities that exploit what should be closed avenues of attack.

“We need to be doing more to ensure our devices are not putting us at unnecessary risk,” said Ondrej Vlcek, president of Avast.